Re: JSON THREAT PROTECTION WITH KVM variables

jag48 · 07-20-2021 12:24 PM

Does Apigee supports using KVM variables in json threat protection policy ?

dchiesa1

Please elaborate. Give an example configuration.

jag48

I am trying to get StringValueLength from KVM variable named "stringValueLength" like below:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<JSONThreatProtection async="false" continueOnError="false" enabled="true" name="jsonthreat-Protection-ATB">
<DisplayName>jsonthreat-Protection-ATB</DisplayName>
<Properties/>
<Source>request</Source>
<StringValueLength>{stringValueLength}</StringValueLength>
</JSONThreatProtection>

value of variable is 50 and my string length is < 50 but i keep getting

{"fault":{"faultstring":"JSONThreatProtection[jsonthreat-Protection-ATB]: Execution failed. reason: JSONThreatProtection[jsonthreat-Protection-ATB]: Exceeded string value length at line 2","detail":{"errorcode":"steps.jsonthreatprotection.ExecutionFailed"}}}

However If I hard code this value as <StringValueLength>50</StringValueLength> then it works just fine

dchiesa1

Ahhh, I see.

At this moment, the StringValueLength configuration option is not a message template, nor does it accept a ref= attribute. Hard-coding the value is the only option at this point. It's a reasonable request for enhancement. But you can't do that today.

santoshghalsasi

Hi Dino,

Is this applicable for all the attributes in this policy? Do we have any work around to make it configurable? I am looking to do this for on prem 4.5 version of edge.

Thanks,

Santosh

SnehaPatekar

Does this work now with latest apigee updates?? Are we able to get ref value (kvm value) in json threat protection?

sillan_dt

<Source>stringValueLength</Source>
<StringValueLength>50</StringValueLength>

It should be as above.

sillan_dt

You need to first retrieve the KVM value using KVM policy, then you can apply the threat protection to validate.